GDPR, built in

All form responses, files and account data are stored on servers in the United Kingdom. We never replicate personal data outside the UK / EEA without your explicit instruction.

• AWS (EU/UK regions) — primary infrastructure
• Cloudflare — CDN and DDoS protection
• Stripe — payment processing
• Postmark — transactional email

Form respondents can request access, correction or deletion of their data at any time via the form owner. Account holders can export or delete their workspace from Settings → Data.

A signed DPA is available to every customer. Download from your dashboard or request a copy.